Configure the signing task by specifying which artifacts to sign, in this case all the artifacts in the archives configuration. This will not yet include the pom file, which will be signed later.

signing {
    sign configurations.archives
}

Then we need to configure the generated pom file, sign the pom file and configure the Sonatype OSS staging repository.
The 'beforeDeployment' line will sign the pom file right before the artifacts are deployed to the Sonatype OSS repository.
The 'repository' part configures the Sonatype OSS staging repository. Notice the sonatypeUsername and sonatypePassword variables; these are property variables that I'll come back to later in this post.
The 'pom.project' section configures the generated pom files. You need to specify all this information because it's required for the Sonatype repository (and Maven Central).

Create a public key pair

A public key pair is needed to sign your jar/pom files. To generate this we need to dive into the command line. Follow the "Generate a key pair" and "Distributing your public key" sections on this page: https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven
This will generate a key that will be stored on your computer and on sks-keyservers.net. Remember the password, because there is no way to reset or restore it if you forget it.

Create a gradle properties file

Now we'll have to create a gradle.properties file which will contain the public key and Sonatype login information. Because this is sensitive information, it's best to store this file in your ".gradle" directory (e.g. D:\Users\MyUsername\.gradle) and not under your project. This properties file is used by your Gradle build script. The signing.* properties are defined and used by the signing task; the sonatypeUsername and sonatypePassword properties are the variables we defined earlier in our build script. So first create the "gradle.properties" file under D:\Users\MyUsername\.gradle. Then add the following properties to the file and change their values:
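The advice above, to keep the signing.* and sonatype* values in the user-level gradle.properties and out of the project, can be checked mechanically. The following Python script is an added example, not part of the original post: it scans a project tree for gradle.properties files that set any of those keys. The signing.keyId, signing.password and signing.secretKeyRingFile names are the signing plugin's standard properties; the function names are hypothetical, and the parser assumes simple single-line entries.

```python
import re
import sys
from pathlib import Path

# Keys the post keeps in the user-level gradle.properties. The signing.* names are the
# signing plugin's properties; the sonatype* names are the post's own build variables.
USER_LEVEL_KEYS = {"signing.keyId", "signing.password", "signing.secretKeyRingFile",
                   "sonatypeUsername", "sonatypePassword"}

# A .properties entry is "key=value", "key:value" or "key value".
# Lines whose first non-blank character is "#" or "!" are comments and do not match.
ENTRY = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:\s]\s*(.*)$")

def parse_properties(text):
    """Return {key: value} for the single-line entries of a .properties file."""
    props = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props

def find_leaked_secrets(project_dir):
    """List (relative path, key) for each user-level key given a value inside the project."""
    root = Path(project_dir)
    findings = []
    for path in sorted(root.rglob("gradle.properties")):
        props = parse_properties(path.read_text(encoding="utf-8", errors="replace"))
        for key in sorted(USER_LEVEL_KEYS & props.keys()):
            if props[key]:  # an empty value carries no credential
                findings.append((path.relative_to(root).as_posix(), key))
    return findings

if __name__ == "__main__":
    # Usage: python check_gradle_secrets.py [project directory]
    leaks = find_leaked_secrets(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel_path, key in leaks:
        print(f"{rel_path}: {key} is set inside the project; "
              "move it to the gradle.properties in your .gradle directory")
    sys.exit(1 if leaks else 0)
```

Run it from a pre-commit hook or CI step; a non-zero exit code means one of the keys has a value in a file that would be committed with the project.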

19 comments:

Note that the Gradle team have further simplified the 'signing' plugin in m5 such that you don't need to distinguish between published, archives, and signatures configurations. See http://wiki.gradle.org/display/GRADLE/Gradle+1.0-milestone-5+Release+Notes#Gradle1.0-milestone-5ReleaseNotes-Improvedsigningplugin

I had the same question so I looked into it a bit. When you use jar as your package type it is excluded from the generated pom because org.gradle.api.publication.maven.internal.DefaultMavenPom.writeNonEffectivePom calls org.apache.maven.project.MavenProject.writeModel which uses MavenXpp3Writer to generate the pom. On line 1011 you see why it does this.

@Peter I'm quite sure it is required for synchronization with Maven Central (thus required for deployment on Sonatype OSS Repo), and I had some problems deploying my artifacts when I didn't specify it. See section "6. Central Sync Requirement" on https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide

Just wanted to add that, to be able to close the staging repository Sonatype OSS (oss.sonatype.org), I needed to include javadoc and source jars as well as the regular jar, which I accomplished by adding the following tasks and dependencies and updating the artifacts closure.

Thanks for sharing Andrew! I'll update my article with this information. In my GradleFx project I've done it almost the same way, only I think you don't need the dependsOn statements on the sourcesJar and uploadArchives tasks. When I do a "gradle uploadArchives" on my project it automatically compiles it, so it's already part of the build lifecycle. Here's my build script: https://github.com/GradleFx/GradleFx/blob/master/build.gradle

I'm also using SNAPSHOT versions for our CI build and I'm having no problem deploying it to sonatype. Two questions:
1. Did you add "-SNAPSHOT" to the version (mind the dash)
2. Instead of deploying to sonatype, are you deploying to a webdav repo? If so, seems like other people have the same problem http://issues.gradle.org/browse/GRADLE-2129